Commissioner for Patents
Alexandria, VA 22313-1450



SUPPLEMENTAL BRIEF OF APPELLANT 
This Supplemental Appeal Brief, pursuant to the Office Action mailed August 11, 2005,
is an appeal from the rejection of the Examiner dated August 11, 2004. The Appeal Brief filed
April 11, 2005 is incorporated, in its entirety, herein by reference. The present Supplemental
Appeal Brief addresses the rejections of claims in the Office Action mailed August 11, 2005.

REAL PARTY IN INTEREST 

International Business Machines, Inc. is the real party in interest. 

RELATED APPEALS AND INTERFERENCES 

None. 

STATUS OF CLAIMS 
Claims 1-6 and 11-19 are rejected. Claims 7-10 are canceled. This Brief is in support of
an appeal from the rejection of claims 1-6 and 11-19.

09/626,637 1

STATUS OF AMENDMENTS 

There are no After-Final Amendments which have not been entered.

SUMMARY OF CLAIMED SUBJECT MATTER 

The present invention discloses a method for enabling use by a browser of valid
authentication certificates in relation to a transaction between the browser and a server when a
private key and public key of a certifying authority of the server has expired, but the
authentication certificates of any of the server or browser are still valid. An original
authentication certificate together with a server certifying authority chain (SCAC) certificate is
received by the browser from the server during a SSL handshake between the browser and the
server. The SCAC certificate was previously obtained by the server from the certifying authority.
The browser verifies the original authentication certificate using the expired public key of the
certifying authority. The browser verifies the SCAC certificate using a new public key of the
certifying authority. See FIG. 1 (steps 1, 2, and 4) and specification, page 6, lines 9-10, 23-26;
page 5, lines 5-10.

After verifying the original authentication certificate and after said verifying the SCAC 
certificate, the browser accepts the transaction between the browser and the server. See FIG. 1
(step 5) and specification, page 6, line 27 - page 7, line 2. 

The SCAC certificate may be obtained by the server whenever the certifying authority
invalidates its public key, wherein the certificate is obtained by: contacting the certifying
authority using the server's private key for authentication to make a request for the SCAC
certificate; verifying the request by the certifying authority using the server's public key; and
generating the SCAC certificate by the certifying authority using a new private key of the
certifying authority and forwarding the SCAC certificate to the server. See FIG. 2 and
specification, page 7, lines 4-12.

Generating the SCAC certificate may include authenticating the server name, the server
public key, old certifying authority public key, and certifying authority name. See specification,
page 4, lines 24-26.

A client (CCAC) certificate may be issued by the certifying authority, said CCAC
certificate being functionally the same as the SCAC certificate subject to the roles of the browser
and the server being interchanged. The CCAC certificate may be presented to the server during
the handshake. See specification, page 7, lines 16-22.

GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 

1. Claims 1, 5-6, 11-13, and 17-19 stand rejected under 35 U.S.C. §103(a) as allegedly being
unpatentable over Lewis et al. (U.S. Patent No. 6,233,565) in view of Weinstein et al. (U.S.
Patent No. 6,094,485).

(Note: The Examiner initially stated that claims 1, 4-6, 11, 13, 17-19 are rejected over Lewis in
view of Weinstein, which appears to be a typographical error in light of the claims actually
analyzed by the Examiner over Lewis in view of Weinstein)

2. Claims 2, 3, 14 and 15 stand rejected under 35 U.S.C. §103(a) as allegedly being unpatentable
over Lewis-Weinstein and further in view of Perlman et al. (US Patent No. 6,230,266).

3. Claim 4 stands rejected under 35 U.S.C. §103(a) as allegedly being unpatentable over
Lewis-Weinstein and further in view of Kramer et al. (US Patent No. 6,324,525).

4. Claim 16 stands rejected under 35 U.S.C. §103(a) as allegedly being unpatentable over
Lewis-Weinstein and further in view of Kramer et al. (US Patent No. 6,324,525).



ARGUMENT

GROUND OF REJECTION 1

Claims 1, 5-6, 11-13, and 17-19 stand rejected under 35 U.S.C. §103(a) as allegedly
being unpatentable over Lewis et al. (U.S. Patent No. 6,233,565) in view of Weinstein et al.
(U.S. Patent No. 6,094,485).

Claims 1, 5-6, 13, and 17

Appellants respectfully contend that claims 1, 6, and 13 are not unpatentable over Lewis
in view of Weinstein, because Lewis in view of Weinstein does not teach or suggest each and
every feature of claims 1, 6, and 13.

A first example of why claims 1, 6, and 13 are not unpatentable over Lewis in view of
Weinstein is that Lewis in view of Weinstein does not teach the following first feature:
"receiving an original authentication certificate together with a server certifying authority chain
(SCAC) certificate by the browser from the server during a SSL handshake between the
browser and the server, said SCAC certificate having been previously obtained by the server
from the certifying authority" (emphasis added) (claim 1), and similar language for claims 6 and
13.

The Examiner cites Lewis, col. 30, lines 39-41, as disclosing the preceding first feature of
claims 1, 6, and 13, except for the limitation of receiving the original authentication certificate
and the SCAC certificate together.

As to the limitation of receiving the original authentication certificate and the SCAC
certificate together, the Examiner states: "Lewis does not specifically disclose certificates
received together. However, Weinstein discloses: a) receiving an original authentication
certificate together with a server certifying authority chain (SCAC) certificate, (see Weinstein
col. 3, lines 56-64: multiple (i.e. new, intermediate (i.e. old)) certificates within a transmission
(i.e. together)) It would have been obvious to one of ordinary skill in the art at the time the
invention was made to modify Lewis to enable multiple security client/server certificates
transmitted within a network session as taught by Weinstein. One of ordinary skill in the art
would be motivated to employ Weinstein in order to optimize encryption within a secure network
communications session, (see Weinstein col. 2, lines 10-15: " ... provides a process and apparatus
that is used by an exportable version of an SSL client ... negotiate an encrypted communication
session using strong encryption with an SSL server

In response, Appellant will next argue that:

(1) the old certificate and the new certificate are not received by the browser from the 
server as required by claims 1, 6, and 13; and 

(2) receiving the original authentication certificate and the SCAC certificate together does
not make sense for Lewis' invention.

Appellants' analysis begins with quoting Lewis, col. 30, lines 36-50:
"The initial CA's certificate will be distributed by means of regular US certified mail. Included
with the CA's certificate will be a hash of the next certificate key values. When a certificate
expires, the USPS certification authority will issue a new certificate and sign it with the old
certificates matching private key. The USPS CA will send a new certificate signed with the CA's
new private key to the server 4. The server 4 will validate the certificate for authenticity by first
checking to ensure that the new CA certificates public key authenticates the included signature, it
will then hash the keys included with the new certificate to verify that the hash value match with
the old hash included with the old CA's certificate. If both conditions validate, the old CA's
certificate is deleted and replaced with a new CA certificate. " (emphasis added).

The preceding quote in Lewis demonstrates that: 

(1) the old certificate and the new certificate are not received by the browser from the
server as required by claims 1, 6, and 13, but are instead received by the server from the
Certificate Authority; and

(2) The new certificate replaces the old certificate and thus becomes relevant only after
the old certificate expires. It makes no sense for the server to receive the old and new
certificates together, since the server already has possession of the old certificate when the server
receives the new certificate. Thus, it is not obvious to modify Lewis to receive the old and new
certificates together.

In addition, the Examiner's citation of Weinstein has no relevance for Lewis. In
particular, the multiple certificates in the certificate chain described in Weinstein, col. 3, lines 54-60
are used to verify a server by a client, whereas the old and new certificates described in Lewis,
col. 30, lines 36-50 are used to verify a CA certificate by a server.

A second example of why claims 1, 6, and 13 are not unpatentable over Lewis in view of
Weinstein is that Lewis in view of Weinstein does not teach the following second feature:
"verifying by the browser the original authentication certificate using the expired public key of
the certifying authority" (emphasis added) (claim 1), and similar language for claims 6 and 13.
The Examiner argues that Lewis discloses the aforementioned second feature of claims 1, 6, and
13. The Examiner relies specifically on content disclosed in Lewis, col. 14, lines 36-42 and col.
30, lines 41-43.

In response, Appellants respectfully contend that Lewis col. 14, lines 36-42 does not
disclose use of an expired public key as required by claims 1, 6, and 13. Furthermore,
Appellants respectfully contend that Lewis col. 30, lines 41-43 states specifically that "[t]he
USPS CA will send a new certificate signed with the CA's new private key to the server" which
does not even mention an expired public key. The preceding second feature requires verification
by the browser using the expired public key of the certifying authority, which Lewis does not
teach. Although Lewis discloses in col. 27, lines 10-24 that a user may verify an X.509
certificate using a CA's public key, Lewis does not teach anywhere that the browser verifies the
X.509 certificate using a public key after the public key has expired as required by claims 1, 6,
and 13.

Based on the preceding arguments, Appellants respectfully maintain that claims 1, 6, and
13 are not unpatentable over Lewis in view of Weinstein and are in condition for allowance.
Since claim 5 depends from claim 1, Appellants contend that claim 5 is likewise in condition for
allowance. Since claim 17 depends from claim 13, Appellants contend that claim 17 is likewise
in condition for allowance.



Claims 11 and 18

Since claims 11 and 18 respectively depend from claims 1 and 13, and since Appellants
have argued supra that claims 1 and 13 are not unpatentable over Lewis in view of Weinstein,
Appellants maintain that claims 11 and 18 are likewise not unpatentable over Lewis in view of
Weinstein.

In addition with respect to claims 11 and 18, Appellants maintain that Lewis in view of
Weinstein does not teach or suggest the feature: "accepting the transaction by the browser after
said verifying the original authentication certificate and after said verifying the SCAC certificate"
(claim 11), and similar language for claim 18.

The Examiner argues that Lewis, col. 27, lines 10-24 teaches the preceding feature of
claims 11 and 18.

In response, Appellants maintain that Lewis, col. 27, lines 10-24 teaches that a user "A"
may accept a transaction after verifying an authentication certificate, but does not teach that the
user "A" would accept a transaction after verifying both the original authentication certificate
and the SCAC certificate, as required by claims 11 and 18.

Accordingly, Appellants maintain that claims 11 and 18 are not unpatentable over Lewis
in view of Weinstein.



Claims 12 and 19

Since claims 12 and 19 respectively depend from claims 1 and 13, and since Appellants
have argued supra that claims 1 and 13 are not unpatentable over Lewis in view of Weinstein,
Appellants maintain that claims 12 and 19 are likewise not unpatentable over Lewis in view of
Weinstein.

In addition with respect to claims 12 and 19, Appellants maintain that Lewis in view of
Weinstein does not teach or suggest the feature: "wherein obtaining the SCAC certificate
comprises using the new private key of the certifying authority" (emphasis added) (claim 12),
and similar language for claim 19.

PAGE 10/31 * RCVD AT 11/11/2005 10:50:49 AM [Eastern Standard Time] * SVR:USPTO-EFXRF-6/25 * DNIS:2738300 * CSID: * DURATION (mm-ss):07-20

The Examiner argues: "Lewis disclose the method and system of claims 1, 13, wherein
obtaining the SCAC certificate comprises using the new private key of the certifying authority.
(see Lewis col. 30, lines 41-43: certificate (i.e. server/client) utilizing private key for digital
signature generation and public key for verification)".

In response, Appellants maintain that Lewis, col. 30, lines 41-43 teaches that the CA
signs the new certificate with the CA's private key. In contrast, the "obtaining" in claims 12 and
19 is performed by the server and not by the CA, as may be verified from claims 1 and 13 from
which claims 12 and 19 respectively depend. In particular, claim 1 recites: "said SCAC
certificate having been previously obtained by the server from the certifying authority"
(emphasis added). Therefore, Lewis does not disclose "wherein obtaining the SCAC certificate
comprises using the new private key of the certifying authority", since the CA who uses new
CA's private key is not the server that obtains the SCAC certificate in accordance with claims 12
and 19.

Accordingly, Appellants maintain that claims 12 and 19 are not unpatentable over Lewis
in view of Weinstein.



GROUND OF REJECTION 2

Claims 2, 3, 14 and 15 stand rejected under 35 U.S.C. §103(a) as allegedly being
unpatentable over Lewis-Weinstein and further in view of Perlman et al. (US Patent No.
6,230,266).

Claims 2 and 14

Since claims 2 and 14 respectively depend from claims 1 and 13, and since Appellants
have argued supra that claims 1 and 13 are not unpatentable over Lewis in view of Weinstein,
Appellants maintain that claims 2 and 14 are likewise not unpatentable over Lewis-Weinstein
and further in view of Perlman.

In addition with respect to claims 2 and 14, Appellants maintain that Lewis-Weinstein
and further in view of Perlman does not teach or suggest the following first feature: "wherein the
SCAC certificate is obtained by the server whenever the certifying authority invalidates its public
key".

The Examiner states: "Lewis does not disclose a Certificate Authority (CA) that
invalidates or withdraws its public/private key. However, Perlman discloses Certificate Authority
(CA) that invalidates or withdraws its public/private key pair through the process of revocation."

In response, Appellants note that Perlman repeatedly discusses certificate revocation.
However, Perlman does not teach or suggest public key invalidation, and the Examiner has not
produced a citation that allegedly discloses public key invalidation, as required by claims 2 and
14.

In addition with respect to claims 2 and 14, Appellants maintain that Lewis in view of
Perlman does not teach or suggest the second feature: "contacting the certifying authority using
the server's private key for authentication to make a request for the SCAC certificate" (claim 2)
(emphasis added), and similar language for claim 14. The Examiner argues that Perlman, col. 6,
line 63 - col. 7, line 6 discloses the preceding second feature of claims 2 and 14.

In response, Appellants maintain that Perlman, col. 6, line 63 - col. 7, line 6 does not
disclose "to make a request for the SCAC certificate", as alleged by the Examiner. Indeed,
Perlman, col. 6, line 63 - col. 7, line 8 recites:

"In order to update the certificates previously issued by certificate authorities 204c so as
to ensure that principals relying upon such certificates now recognize the validity of
certificates (including the special delegation certificate) issued by the successor CA 204b,
CA 204a may issue, via secure off-line techniques, to certificate authorities 204c a
"renunciation" certificate 600 (the data structure of which is represented in FIG. 6)
signed using the private key of the CA 204a including information 602 stating that the
CA 204a has renounced all of its certification authority (i.e., power to issue certificates),
and has granted that authority to the CA 204b" (emphasis added).

Thus, Perlman, col. 6, line 63 - col. 7, line 6 discloses issuing a renunciation certificate and most
certainly does not disclose requesting the SCAC certificate. In other words, "requesting" and
"issuing" are different actions. Moreover, a renunciation certificate is not a SCAC certificate.

In addition with respect to claims 2 and 14, Appellants maintain that Lewis in view of
Perlman does not teach or suggest the third feature: "verifying the request by the certifying
authority using the server's public key" (claim 2), and similar language for claim 14. The
Examiner argues that Perlman, col. 7, lines 15-18 discloses the preceding third feature of claims
2 and 14.

In response, Appellants maintain that Perlman, col. 7, lines 15-18 does not disclose "to
make a request for the SCAC certificate", as alleged by the Examiner. Indeed, Perlman, col. 7,
lines 15-18 recite: "The authorities 204c receiving such renunciation certificates from CA 204a
verify that the renunciation certificates have been properly signed by the CA 204a". Appellants
contend that the preceding quote of Perlman discloses verifying that the renunciation certificates
have been properly signed by the CA, but does not disclose verifying the request by the certifying
authority using the server's public key, as required by claims 2 and 14.

In addition with respect to claims 2 and 14, Appellants maintain that Lewis in view of
Perlman does not teach or suggest the fourth feature: "generating the SCAC certificate by the
certifying authority using a new private key of the certifying authority and forwarding the
SCAC certificate to the server" (claim 2) (emphasis added), and similar language for claim 14.
The Examiner argues that Perlman, col. 7, lines 12-24 discloses the preceding fourth feature of
claims 2 and 14.

In response, Appellants maintain that Perlman, col. 7, lines 12-24 does not disclose
"forwarding the SCAC certificate to the server" as alleged by the Examiner and as required by
claims 2 and 14.

In addition, Appellants contend that the Examiner's reason for modifying Lewis by the
alleged teaching of Perlman is not persuasive. The Examiner argues: "It would have been
obvious to one of ordinary skill in the art at the time of the invention to modify the inventions of
Lewis to include a Certificate Authority (CA) that invalidates its key pair through the process of
revocation as taught in Perlman. One of ordinary skill in the art would have been motivated to
incorporate the invention of Perlman in order to ensure the authenticity of certificates when a CA
invalidates a public/private key pair, (see Perlman col. 2, lines 20-26: "... network security, every
principal must have a certificate ... desirable to later disable a certificate after it has been issued
but prior to its expiration. For example, a principal's private key may be stolen, compromised or
lost, etc. ... revoke the certificate, thereby disabling authentication via that certificate ...")"
(emphasis added).

In response, Appellants maintain that the cited motivation in Perlman requires revocation
of the original certificate prior to expiration of the original certificate. However, with respect to
claims 1 and 13 from which claims 2 and 14 respectively depend, the Examiner cites Lewis, col.
30, lines 39-43 which requires that a condition precedent for issuance of the new certificate
(alleged by the Examiner to be the SCAC certificate) is that the original certificate expires. See
Lewis, col. 30, lines 39-43 ("When a certificate expires, the USPS certification authority will
issue a new certificate ..." (emphasis added)).

Appellants contend that ordinary logic requires that the original certificate either have
expired or not have expired (but not both) when the new certificate is issued by the CA. In other
words, the Examiner is arguing to modify Lewis by the alleged teaching of Perlman by issuing
the new certificate when the original certificate has both expired and not expired, which is
logically impossible. Therefore, the Examiner's argument for modifying Lewis by the alleged
teaching of Perlman is not persuasive.

Accordingly, Appellants maintain that claims 2 and 14 are not unpatentable over
Lewis-Weinstein in view of Perlman.

Claims 3 and 15

Since claims 3 and 15 respectively depend from claims 1 and 13, and since Appellants
have argued supra that claims 1 and 13 are not unpatentable over Lewis in view of Weinstein,
Appellants maintain that claims 3 and 15 are likewise not unpatentable over Lewis-Weinstein
and further in view of Perlman.

In addition with respect to claims 3 and 15, Appellants maintain that Lewis-Weinstein
and further in view of Perlman does not teach or suggest the following feature: "wherein
generating the SCAC certificate includes authenticating the server name, the server public key,
old certifying authority public key, and certifying authority name" (emphasis added) (claim 3),
and similar language for claim 15. The Examiner argues that Perlman, col. 7, lines 10-12
disclose the preceding feature of claims 3 and 15.

In response, Appellants maintain that Perlman, col. 7, lines 10-12 does not disclose
authenticating all four items (the server name, the server public key, old certifying authority
public key, and certifying authority name) listed in claims 3 and 15. In fact, Perlman, col. 7, lines
10-12 recites: "Additionally, in system 200, the new CA 204b is configured to issue certificates
in the same name as the CA 204a", which is not a disclosure of authenticating all four items (the
server name, the server public key, old certifying authority public key, and certifying authority
name).

Accordingly, Appellants maintain that claims 3 and 15 are not unpatentable over
Lewis-Weinstein in view of Perlman.



GROUND OF REJECTION 3

Claim 4 stands rejected under 35 U.S.C. §103(a) as allegedly being unpatentable over
Lewis-Weinstein and further in view of Kramer et al. (US Patent No. 6,324,525).

Since claim 4 depends from claim 1, and since Appellants have argued supra that claim 1
is not unpatentable over Lewis in view of Weinstein, Appellants maintain that claim 4 is
likewise not unpatentable over Lewis-Weinstein and further in view of Kramer.

In addition with respect to claim 4, Appellants maintain that Lewis-Weinstein and further
in view of Kramer does not teach or suggest the feature: "issuing by the certifying authority a
client (CCAC) certificate, said CCAC certificate being functionally the same as the SCAC
certificate subject to the roles of the browser and the server being interchanged".

The Examiner argues: "Lewis does not specifically disclose the usage of a Certificate
Authority (CA) issuing client and server type certificates. However, Kramer discloses the method
of claim 1 further comprising issuing by the certifying authority a client (CCAC) certificate, said
CCAC certificate being functionally the same as the SCAC certificate subject to the roles of the
browser and the server being interchanged, (see Kramer col. 105, lines 61-62; col. 105, line 66 -
col. 106, line 1; col. 90, lines 27-31: Certificate Authority (CA) for certificate issuance; col. 17,
lines 43-47; col. 17, lines 27-30: client and server type certificates) ... It would have been
obvious to one of ordinary skill in the art at the time the invention was made to modify Lewis to
enable the usage of client and server certificates utilizing a trusted third party designated a
certificate authority for certificate issuance as taught by Kramer. One of ordinary skill in the art
would be motivated to employ Kramer in order to enable secure communications over the
publicly access network such as the Internet communications network, (see Kramer col. 4, lines
19-21: "... critical that any solution utilizing the Internet for a communication backbone employ
some form of cryptography ... "

In response, Appellants contend that Kramer (col. 105, lines 61-62; col. 105, line 66 - col.
106, line 1; col. 90, lines 27-31; col. 17, lines 43-47; col. 17, lines 27-30) does not even come
close to disclosing the preceding feature of claim 4. The Examiner has not provided any analysis
to demonstrate that the Examiner's citations teach or suggest the preceding feature of claim 4.

In further response, Appellants contend that the Examiner's argument for modifying
Lewis by the alleged teaching of Kramer (i.e., "in order to enable secure communications over
the publicly access network such as the Internet communications network") is not persuasive
because Lewis' invention already achieves secure communications over the Internet without
employing the alleged teaching of Kramer.

See Lewis, col. 2, lines 6-8 ("It is, therefore, an object of the present invention to provide
customer (client) to remote service provider (server) electronic transactions which are secure and
reliable. "). See Lewis, col. 2, lines 23-28 ("The present invention ... is directed to an application
which can be downloaded from the Internet, extracted from a zip file, installed, accessed by a
pre-registered user on a secure PC, and used to conduct electronic commerce. "). See Kramer,
col. 8, lines 11-12 ("The inbound network 110 allows a customer 2n to securely access the RSP
web server 150."). Indeed, most of the Lewis disclosure is devoted to techniques for achieving
secure communications over the Internet.

Therefore, a person of ordinary skill in the art would not be motivated to modify Lewis by
the alleged teaching of Kramer "to enable secure communications over the publicly access
network such as the Internet communications network".

Accordingly, Appellants maintain that claim 4 is not unpatentable over Lewis-Weinstein
in view of Kramer.

GROUND OF REJECTION 4

Claim 16 stands rejected under 35 U.S.C. §103(a) as allegedly being unpatentable over
Lewis-Weinstein and further in view of Kramer et al. (US Patent No. 6,324,525).

Since claim 16 depends from claim 13, and since Appellants have argued supra that claim
13 is not unpatentable over Lewis in view of Weinstein, Appellants maintain that claim 16 is
likewise not unpatentable over Lewis-Weinstein and further in view of Kramer.

In addition with respect to claim 16, Appellants maintain that Lewis-Weinstein and
further in view of Kramer does not teach or suggest the following feature: "means for issuing by
the certifying authority a client (CCAC) certificate, said CCAC certificate being functionally the
same as the SCAC certificate subject to the roles of the browser and the server being
interchanged" (emphasis added).

The Examiner argues: "Lewis does not specifically disclose the usage of a Certificate
Authority issuing client and server type certificate. However, Kramer discloses the system of
claim 15, further comprising means for issuing by the certifying authority a client (CCAC)
certificate, said CCAC certificate being functionally the same as the SCAC certificate subject to
the roles of the browser and the server being interchanged, (see Kramer col. 105, lines 61-62; col.
105, line 66 - col. 106, line 1; col. 90, lines 27-31: Certificate Authority (CA) for certificate
issuance; col. 17, lines 43-47; col. 17, lines 27-30: client and server certificates) ... It would have
been obvious to one of ordinary skill in the art at the time the invention was made to modify
Lewis to enable the usage of client certificates and server certificates utilizing a trusted third
party designated a certificate authority for certificate issuance as taught by Kramer. One of
ordinary skill in the art would be motivated to employ Kramer in order to enable secure
communications over the publicly access network such as the Internet communications network.
(see Kramer col. 4, lines 19-21)".

In response, Appellants contend that Kramer (col. 105, lines 61-62; col. 105, line 66 - col.
106, line 1; col. 90, lines 27-31; col. 17, lines 43-47; col. 17, lines 27-30) does not even come
close to disclosing the preceding feature of claim 16. The Examiner has not provided any
analysis to demonstrate that the Examiner's citations teach or suggest the preceding feature of
claim 16.

In further response, Appellants contend that the Examiner's argument for modifying
Lewis by the alleged teaching of Kramer (i.e., "in order to enable secure communications over
the publicly access network such as the Internet communications network") is not persuasive
because Lewis' invention already achieves secure communications over the Internet without
employing the alleged teaching of Kramer.

See Lewis, col. 2, lines 6-8 ("It is, therefore, an object of the present invention to provide
customer (client) to remote service provider (server) electronic transactions which are secure and
reliable. "). See Lewis, col. 2, lines 23-28 ("The present invention ... is directed to an application
which can be downloaded from the Internet, extracted from a zip file, installed, accessed by a
pre-registered user on a secure PC, and used to conduct electronic commerce. "). See Kramer,
col. 8, lines 11-12 ("The inbound network 110 allows a customer 2n to securely access the RSP
web server 150."). Indeed, most of the Lewis disclosure is devoted to techniques for achieving
secure communications over the Internet.

Therefore, a person of ordinary skill in the art would not be motivated to modify Lewis by
the alleged teaching of Kramer "to enable secure communications over the publicly access
network such as the Internet communications network".

Accordingly, Appellants maintain that claim 16 is not unpatentable over Lewis-Weinstein
in view of Kramer.

SUMMARY



In summary, Appellant respectfully requests reversal of the August 11, 2004 Office
Action rejection of claims 1-6 and 11-19. The Director is hereby authorized to charge and/or
credit Deposit Account No. 09-0457.



Respectfully submitted,

Jack P. Friedman
Attorney For Appellant
Registration No. 44,688

Schmeiser, Olsen & Watts
3 Lear Jet Lane - Suite 201
Latham, New York 12110
(518) 220-1850




Docket No. JP920000150US1
IN THE UNITED STATES PATENT AND TRADEMARK OFFICE

Applicant: Gupta et al.          Group Art Unit: 2143
Filed: 7/27/2000                 Examiner: Shin, Kyung H.
Serial No.: 09/626,637
Title: METHOD AND SYSTEM FOR AUTHENTICATION WHEN
CERTIFICATION AUTHORITY PUBLIC AND PRIVATE KEYS EXPIRE

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

APPENDIX A - CLAIMS ON APPEAL 

1. A method for enabling use by a browser of valid authentication certificates in relation to a
transaction between the browser and a server when a private key and public key of a certifying
authority of the server has expired, comprising:

receiving an original authentication certificate together with a server certifying authority
chain (SCAC) certificate by the browser from the server during a SSL handshake between the
browser and the server, said SCAC certificate having been previously obtained by the server
from the certifying authority;

verifying by the browser the original authentication certificate using the expired public
key of the certifying authority; and

verifying by the browser the SCAC certificate using a new public key of the certifying
authority.

2. The method of claim 1, wherein the SCAC certificate is obtained by the server whenever the
certifying authority invalidates its public key, wherein the certificate is obtained by:

contacting the certifying authority using the server's private key for authentication to
make a request for the SCAC certificate;

verifying the request by the certifying authority using the server's public key; and

generating the SCAC certificate by the certifying authority using a new private key of the
certifying authority and forwarding the SCAC certificate to the server.

3. The method of claim 2 wherein generating the SCAC certificate includes authenticating the 
server name, the server public key, old certifying authority public key, and certifying authority 
name. 

4. The method of claim 1, further comprising issuing by the certifying authority a client (CCAC)
certificate, said CCAC certificate being functionally the same as the SCAC certificate subject to
the roles of the browser and the server being interchanged.

5. The method of claim 1, wherein the method further comprises presenting the CCAC
certificate to the server during the handshake.

6. In an arrangement of networked server and browser systems conducting secure transactions
and including a certifying authority for authenticating such transactions, characterized in that it
includes a means for authenticating transactions when the public and private key of the said
certifying authority have expired but the authentication certificates of any of server or browser
systems is still valid, comprising:

means for the server to obtain a certifying authority chain certificate using the new private
key of the certifying authority,

means for presenting the said certifying authority chain certificate together with the
original authentication certificate, to the browser,

means for verifying the original authentication certificate using the expired public key of
the certifying authority, and verifying the certifying authority chain certificate using the new
certifying authority public key by the browser.

11. The method of claim 1, further comprising accepting the transaction by the browser after said
verifying the original authentication certificate and after said verifying the SCAC certificate.

12. The method of claim 1, wherein obtaining the SCAC certificate comprises using the new
private key of the certifying authority.

13. A system for enabling use by a browser of valid authentication certificates in relation to a
transaction between the browser and a server when a private key and public key of a certifying
authority of the server has expired, comprising:

means for receiving an original authentication certificate together with a server certifying
authority chain (SCAC) certificate by the browser from the server during a SSL handshake
between the browser and the server, said SCAC certificate having been previously obtained by
the server from the certifying authority;

means for verifying by the browser the original authentication certificate using the
expired public key of the certifying authority; and

means for verifying by the browser the SCAC certificate using a new public key of the
certifying authority.

14. The system of claim 13, wherein the SCAC certificate is obtained by the server whenever the
certifying authority invalidates its public key, wherein the certificate is obtained by:

means for contacting the certifying authority using the server's private key for
authentication to make a request for the SCAC certificate;

means for verifying the request by the certifying authority using the server's public key;
and

means for generating the SCAC certificate by the certifying authority using it's a new
private key of the certifying authority and forwarding the SCAC certificate to the server.

15. The system of claim 13, wherein said means for generating the SCAC certificate includes 
means for authenticating the server name, the server public key, old certifying authority public 
key, and certifying authority name. 

16. The system of claim 15, further comprising means for issuing by the certifying authority a
client (CCAC) certificate, said CCAC certificate being functionally the same as the SCAC
certificate subject to the roles of the browser and the server being interchanged.

17. The system of claim 13, wherein the system further comprises means for presenting the
CCAC certificate to the server during the handshake.

18. The system of claim 13, further comprising means for accepting the transaction by the
browser in conjunction with said means for verifying the original authentication certificate and in
conjunction with said means for verifying the SCAC certificate.

19. The system of claim 13, wherein said means for obtaining the SCAC certificate comprises 
use of the new private key of the certifying authority. 
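
The verification recited in claims 1 and 3, sketched as an added example that is not part of the brief or the application: the browser checks the original certificate under the expired certifying authority key and the SCAC certificate under the new key. The textbook RSA over small constructed primes, the field layout, the "Example CA" name, and the final check that the SCAC names the same server, server key and old CA key are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by the toy keys (assumption)

def keypair(p, q):
    """Textbook RSA key from two primes: returns (public modulus n, private d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(fields, n):
    data = "|".join(str(f) for f in fields).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(fields, n, d):
    return pow(digest(fields, n), d, n)

def verify(fields, sig, n):
    return pow(sig, E, n) == digest(fields, n)

# Constructed keys built from Mersenne primes; far too small for real use.
OLD_CA_N, OLD_CA_D = keypair(2**61 - 1, 2**127 - 1)  # expired CA key pair
NEW_CA_N, NEW_CA_D = keypair(2**89 - 1, 2**107 - 1)  # replacement CA key pair
SERVER_N, _ = keypair(2**61 - 1, 2**89 - 1)          # server public key

def issue_original(server, server_n):
    """Original authentication certificate, signed with the old CA private key."""
    fields = (server, server_n, "Example CA")
    return {"fields": fields, "sig": sign(fields, OLD_CA_N, OLD_CA_D)}

def issue_scac(server, server_n):
    """SCAC certificate over the claim 3 fields, signed with the new CA private key."""
    fields = (server, server_n, OLD_CA_N, "Example CA")
    return {"fields": fields, "sig": sign(fields, NEW_CA_N, NEW_CA_D)}

def browser_accepts(original, scac, old_ca_n, new_ca_n):
    """Both verifications of claim 1, then the assumed binding check."""
    if not verify(original["fields"], original["sig"], old_ca_n):
        return False  # original certificate does not verify under the expired key
    if not verify(scac["fields"], scac["sig"], new_ca_n):
        return False  # SCAC certificate does not verify under the new key
    name, key, ca = original["fields"]
    # Assumption: the SCAC must vouch for this server, this key and this old CA key.
    return scac["fields"] == (name, key, old_ca_n, ca)
```

Without the binding check, a SCAC certificate validly issued for one server would also be accepted alongside a different server's original certificate.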

APPENDIX B - EVIDENCE

There is no evidence entered by the Examiner and relied upon by Appellants in this
appeal.

APPENDIX C - RELATED PROCEEDINGS

There are no proceedings identified in the "Related Appeals and Interferences" section.